
Commit bc6c3bdf authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review

Merge "Add log events to AppIntegrityManagerServiceImpl."

parents 3fd3a910 06b969a4
+42 −0
@@ -341,6 +341,8 @@ message Atom {
        NotificationReported notification_reported = 244;
        NotificationPanelReported notification_panel_reported = 245;
        NotificationChannelModified notification_panel_modified = 246;
        IntegrityCheckResultReported integrity_check_result_reported = 247;
        IntegrityRulesPushed integrity_rules_pushed = 248;
    }

    // Pulled events will start at field 10000.
@@ -8070,3 +8072,43 @@ message UserspaceRebootReported {
    // State of primary user's encryption storage at the moment boot completed. Always set.
    optional UserEncryptionState user_encryption_state = 3;
}

/*
 * Logs integrity check information during each install.
 *
 * Logged from:
 *   frameworks/base/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
 */
message IntegrityCheckResultReported {
    optional string package_name = 1;
    optional string app_certificate_hash = 2;
    optional int32 version_code = 3;
    optional string installer_package_name = 4;
    enum Response {
        UNKNOWN = 0;
        ALLOWED = 1;
        REJECTED = 2;
        FORCE_ALLOWED = 3;
    }
    optional Response response = 5;
    // An estimate on the cause of the response. This will only be populated for
    // REJECTED and FORCE_ALLOWED
    optional bool caused_by_app_cert_rule = 6;
    optional bool caused_by_installer_rule = 7;
}

/**
 * Logs the information about the rules and the provider whenever rules are
 * pushed into AppIntegrityManager.
 *
 * Logged from:
 *   frameworks/base/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
 */
message IntegrityRulesPushed {
    optional bool success = 1;
    // Package name of the app that pushed the rules.
    optional string rule_provider = 2;
    // Version string of arbitrary format provided by the rule provider to
    // identify the rules.
    optional string rule_version = 3;
}
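Review bot: `app_certificate_hash` in IntegrityCheckResultReported is declared without saying which digest and encoding it carries, and the `Response` values have no comments, so a consumer of this atom cannot tell how to match the hash against a known signing certificate or what separates FORCE_ALLOWED from ALLOWED. I would add a comment above field 2 along the lines of `// Hash of the app's signing certificate; state the digest algorithm and encoding here.` and a one-line comment per enum value. Judging from the Java side of this commit, FORCE_ALLOWED appears to mean an allow decision that still matched a rule, which is worth spelling out for anyone building alerts on it. The header comment of this message also opens with `/*` while IntegrityRulesPushed uses `/**`; one style for both would be cleaner.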
+32 −0
@@ -49,6 +49,7 @@ import android.os.Handler;
import android.os.HandlerThread;
import android.os.RemoteException;
import android.util.Slog;
import android.util.StatsLog;

import com.android.internal.R;
import com.android.internal.annotations.VisibleForTesting;
@@ -161,6 +162,8 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
                        success = false;
                    }

                    StatsLog.write(StatsLog.INTEGRITY_RULES_PUSHED, success, ruleProvider, version);

                    Intent intent = new Intent();
                    intent.putExtra(EXTRA_STATUS, success ? STATUS_SUCCESS : STATUS_FAILURE);
                    try {
@@ -258,6 +261,15 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
                            + result.getEffect()
                            + " due to "
                            + result.getRule());
            StatsLog.write(
                    StatsLog.INTEGRITY_CHECK_RESULT_REPORTED,
                    packageName,
                    appCert,
                    appInstallMetadata.getVersionCode(),
                    installerPackageName,
                    getLoggingResponse(result),
                    isCausedByAppCertRule(result),
                    isCausedByInstallerRule(result));
            mPackageManagerInternal.setIntegrityVerificationResult(
                    verificationId,
                    result.getEffect() == IntegrityCheckResult.Effect.ALLOW
@@ -570,6 +582,26 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
        }
    }

    private static int getLoggingResponse(IntegrityCheckResult result) {
        if (result.getEffect() == IntegrityCheckResult.Effect.DENY) {
            return StatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__REJECTED;
        } else if (result.getRule() != null) {
            return StatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__FORCE_ALLOWED;
        } else {
            return StatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__ALLOWED;
        }
    }

    private static boolean isCausedByAppCertRule(IntegrityCheckResult result) {
        // TODO(b/147095027): implement this.
        return true;
    }

    private static boolean isCausedByInstallerRule(IntegrityCheckResult result) {
        // TODO(b/147095027): implement this.
        return true;
    }

    private List<String> getAllowedRuleProviders() {
        return Arrays.asList(mContext.getResources().getStringArray(
                R.array.config_integrityRuleProviderPackages));
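Review bot: `isCausedByAppCertRule` and `isCausedByInstallerRule` return `true` unconditionally, so every INTEGRITY_CHECK_RESULT_REPORTED event, including plain ALLOWED installs, is logged with both cause flags set. That contradicts the comment in the atom definition saying the cause is populated only for REJECTED and FORCE_ALLOWED, and anyone reading these metrics before b/147095027 is resolved would attribute every decision to both rule types. Until the real logic exists, a placeholder that cannot be mistaken for a finding is safer: `return false;` in both stubs with the TODO kept, or `return result.getRule() != null;` so that installs which matched no rule report no cause (this assumes a null rule means no match, as `getLoggingResponse` already treats it). The `StatsLog.write` call that consumes these values sits in a method whose start and end are outside the hunk.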